On Thu, Feb 25, 2016 at 4:53 PM, Vitaly Repin <[email protected]>
wrote:

> Hello,
>
> I am trying to understand how the Wireshark TCP dissector utilizes memory.
>

That's a good place to start but there's a lot of other stuff in Wireshark
that will use a lot of memory as time goes by.

On the off chance you haven't read it (at least a dozen times :-)) already:
Wireshark's generally not the best tool for doing long-term analysis for
exactly this reason (memory usage).

At one point I was quite interested in adding some kind of memory profiling
into Wireshark so we could see exactly where the memory was used at any
given point in time (e.g., frame_data's are using 20 Mbytes, TCP
reassembly's using 100 Mbytes, etc.) but I never came up with something
good.

> Then I have taken a look into tcpd->acked_table.  According to the
> comment it "contains a tree containing all the various ta's keyed by
> frame number".
> I see that this list monotonically grows during the analysis. Is it
> expected behavior?
>

Assuming that 1) your TCP segments are being ACK'd and 2) you have TCP
sequence analysis enabled (it is by default) then yes, it is expected.


> Any ideas how I can decrease memory consumption (even for the price of
> not being able to analyze the whole TCP session if it contains huge
> amount of data)?
>

Have you gone through the suggestions in the Wiki's OutOfMemory article?
It has some pointers to things that will limit the memory usage.

https://wiki.wireshark.org/KnownBugs/OutOfMemory
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev